Beyond the hotfix in #299, the application should be configured so that the way cookies are stored changes with each app-year. It is not sufficient to simply use Date.current.year or similar in the cookie name, since the main problem manifests when users log in shortly before the app is re-seeded each April, at which point user IDs change while the cookies do not. However, there are many relevant timestamps in the database that could potentially help signal the year the app was built for.
Additionally, look into the possibility of storing more than just the user ID number in the cookie, to help detect when a cookie should go stale.
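The following is an added illustration of the "store more than just the user ID" idea, not code from this repository or from the app's actual session handling. It mimics a Rails-style signed cookie without depending on Rails: the cookie carries both `user_id` and the `app_year` it was issued for, and it is rejected when the year no longer matches, when the signature does not verify (tampering, or `SECRET_KEY_BASE` was rotated for a new Carnival), or when it is malformed. The `app_year` field, the `current_app_year:` argument and the key strings are assumptions; in the real app the year would be derived from the seeded data.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Constructed example: a minimal signed session cookie in the spirit of
# Rails' signed cookies, with no Rails dependency. The app_year field and
# the current_app_year: argument are assumptions for illustration only.
class SessionCookie
  attr_reader :secret_key_base

  def initialize(secret_key_base)
    @secret_key_base = secret_key_base
  end

  # Encode user_id together with the app-year the cookie is issued for,
  # then append an HMAC over the encoded payload.
  def issue(user_id:, app_year:)
    payload = Base64.strict_encode64(
      JSON.generate('user_id' => user_id, 'app_year' => app_year)
    )
    "#{payload}--#{sign(payload)}"
  end

  # Returns the user_id if the cookie is valid for current_app_year,
  # otherwise nil. A cookie is rejected when it is:
  #   1. malformed (missing separator, bad base64, bad JSON)
  #   2. not signed with our key (tampered, or SECRET_KEY_BASE rotated)
  #   3. issued for a different app-year (app re-seeded since login)
  def user_id_for(cookie, current_app_year:)
    payload, sig = cookie.to_s.split('--', 2)
    return nil if payload.nil? || sig.nil?
    return nil unless secure_compare(sign(payload), sig)

    data = JSON.parse(Base64.strict_decode64(payload))
    return nil unless data.is_a?(Hash)
    return nil unless data['app_year'] == current_app_year

    data['user_id']
  rescue JSON::ParserError, ArgumentError
    nil
  end

  private

  def sign(payload)
    OpenSSL::HMAC.hexdigest('SHA256', secret_key_base, payload)
  end

  # Constant-time comparison so signature checks do not leak timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walk through the four outcomes with constructed keys and years.
def demo
  old_key = 'old-secret-key-base'   # assumed value, not a real secret
  new_key = 'new-secret-key-base'   # assumed value after rotation
  cookie = SessionCookie.new(old_key).issue(user_id: 42, app_year: 2019)
  forged = SessionCookie.new('attacker-guess').issue(user_id: 43, app_year: 2019)
  {
    same_year:   SessionCookie.new(old_key).user_id_for(cookie, current_app_year: 2019),
    reseeded:    SessionCookie.new(old_key).user_id_for(cookie, current_app_year: 2020),
    rotated_key: SessionCookie.new(new_key).user_id_for(cookie, current_app_year: 2019),
    forged:      SessionCookie.new(old_key).user_id_for(forged, current_app_year: 2019),
    malformed:   SessionCookie.new(old_key).user_id_for('not-a-cookie', current_app_year: 2019)
  }
end

demo.each { |label, result| puts "#{label}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```

The `reseeded` case is the one described in this issue: a cookie issued just before the April re-seed still verifies cryptographically, so the year embedded in the payload is what makes it go stale. The `rotated_key` case shows why rotating `SECRET_KEY_BASE` at Carnival launch also invalidates every cookie from the previous year, independently of any payload field.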
Per today's meeting, once #294 is merged to keep participants bound to the same participant ID from year to year, this becomes far less of a problem.
Still, it's good hygiene to rotate the SECRET_KEY_BASE environment variable in /etc/apache2/sites-enabled/003-binder-app-production.conf when launching a new year's Carnival.
@Aklaran can add this to Carnival creation documentation in #294.